FBI Issues Alert on foreign threats targeting Ubiquiti routers
On Tuesday, a joint Cybersecurity Advisory issued by the FBI, NSA, US Cyber Command and international partners raised concerns about foreign state-sponsored cyber actors’ exploitation of compromised Ubiquiti EdgeRouters.
EdgeRouters are particularly vulnerable to compromise: they ship with weak default login credentials, lack robust firewall settings, and rely on manual firmware updates. The EdgeRouter itself also gives threat actors an ideal position within the network from which to move laterally or to run more advanced command-and-control functions.
Threat actors have utilized compromised EdgeRouters to harvest credentials, proxy network traffic and host spear-phishing landing pages and custom tools.
The advisory recommends that EdgeRouter network defenders and users:
- Perform a hardware factory reset
- Upgrade to the latest firmware version
- Change any default usernames and passwords
- Implement strategic firewall rules on WAN-side interfaces
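Two of the four recommendations, replacing the default credentials and putting drop-by-default rules on the WAN side, map directly onto EdgeOS configuration commands. The script below is an added example written for this post, not from the advisory or from Ubiquiti; it prints the EdgeOS CLI commands rather than applying them, so they can be reviewed before being pasted into `configure` mode. The WAN interface name (eth0), the new administrator name (netadmin) and the ruleset names WAN_IN and WAN_LOCAL are assumptions for the example; the ruleset layout (default drop, accept established/related, drop invalid) follows the usual EdgeOS two-ruleset pattern. The factory reset and firmware upgrade are done from the hardware reset button and the web UI and are not covered here.

```shell
#!/bin/sh
# Added example for this post (not from the advisory or from Ubiquiti): emit the EdgeOS
# CLI commands that implement two of the advisory's recommendations on an EdgeRouter:
#   - replace the default 'ubnt' administrator with a named account, and
#   - attach drop-by-default firewall rulesets to the WAN interface.
# The script only PRINTS commands so they can be reviewed; paste the output into
# EdgeOS `configure` mode, then run `commit` and `save`.
# Assumptions: the WAN interface name, the new admin name and the ruleset names
# WAN_IN / WAN_LOCAL are placeholders chosen for this example.
set -eu

# Print the commands for a stateful, drop-by-default WAN policy.
# WAN_IN governs traffic forwarded from the WAN into the LAN; WAN_LOCAL governs
# traffic addressed to the router itself (SSH, web UI), which is the exposure the
# advisory's "firewall rules on WAN-side interfaces" item is about.
edgeos_wan_firewall_cmds() {
  wan_if="$1"
  for ruleset in WAN_IN WAN_LOCAL; do
    cat <<EOF
set firewall name ${ruleset} default-action drop
set firewall name ${ruleset} rule 10 action accept
set firewall name ${ruleset} rule 10 description 'Allow established/related'
set firewall name ${ruleset} rule 10 state established enable
set firewall name ${ruleset} rule 10 state related enable
set firewall name ${ruleset} rule 20 action drop
set firewall name ${ruleset} rule 20 description 'Drop invalid state'
set firewall name ${ruleset} rule 20 state invalid enable
EOF
  done
  # Bind the rulesets: 'in' = forwarded through the router, 'local' = destined to the router.
  echo "set interfaces ethernet ${wan_if} firewall in name WAN_IN"
  echo "set interfaces ethernet ${wan_if} firewall local name WAN_LOCAL"
}

# Print the commands that create a new admin user and remove the default 'ubnt' account.
# Refuses to keep the default name or to use a short password. Run the resulting
# 'delete' from a session already logged in as the NEW user, after confirming it works.
edgeos_replace_default_user_cmds() {
  new_user="$1"
  new_pass="$2"
  if [ "$new_user" = "ubnt" ]; then
    echo "refusing to keep the default account name 'ubnt'" >&2
    return 1
  fi
  if [ "${#new_pass}" -lt 12 ]; then
    echo "password must be at least 12 characters" >&2
    return 1
  fi
  case "$new_pass" in
    *"'"*) echo "password must not contain a single quote" >&2; return 1 ;;
  esac
  # EdgeOS hashes plaintext-password on commit; only the hash is stored in config.boot.
  echo "set system login user ${new_user} level admin"
  echo "set system login user ${new_user} authentication plaintext-password '${new_pass}'"
  echo "delete system login user ubnt"
}

# Usage: sh edgerouter-harden.sh <wan-interface> <new-admin> '<password>'
# Constructed example: sh edgerouter-harden.sh eth0 netadmin 'correct-horse-battery-staple'
if [ "$#" -eq 3 ]; then
  edgeos_wan_firewall_cmds "$1"
  edgeos_replace_default_user_cmds "$2" "$3"
fi
```

Printing rather than applying is deliberate: a `commit` that drops the wrong traffic on a remote router is hard to recover from, so the generated lines are meant to be read once, pasted into `configure`, and committed from a console or LAN-side session rather than over the WAN interface being locked down.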
Greg Welch, CEO of CyberProtonics, had this to say:
“The Ubiquiti breach demonstrates an all-too-common scenario where human error leads to the exposure of highly sensitive data. This highlights the need for data encryption as close to the source as possible, establishing true least privileged access controls across the network, and an emphasis on continuous user authentication to prevent unauthorized threat actors.”
Perhaps out of paranoia, or perhaps out of an abundance of caution, I reset my router every few months. I also have some custom firewall rules enabled. Because these days you can’t be too careful.
This entry was posted on March 1, 2024 at 8:07 am and is filed under Commentary with tags Ubiquiti. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.